<div>
    You could enable this options to use SAML ForceAuthn to force logins at our IdP,
    AuthnContextClassRef to override the default authentication mechanism,
    and force multi-factor authentication;
    you also could set the sessions on Jenkins to be shorter than those on your IdP.
</div>